Skill Auditor Pro
v2.1.1审查 ClawHub skills 的安全性,检测恶意代码、可疑模式和社工攻击。在安装任何第三方 skill 前使用此工具进行安全检查。
⭐ 3· 1.7k·3 current·4 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (audit ClawHub skills) matches the provided script, but the SKILL.md/script rely on external CLIs (clawhub inspect to fetch skills and an optional 'gemini' CLI for LLM analysis) even though the registry metadata declares no required binaries. Not declaring clawhub (and optionally gemini) is an incoherence — the tool will fail or behave unexpectedly without them.
Instruction Scope
Instructions and the script perform expected auditing actions (pattern scans, deobfuscation), but the L3 flow copies suspicious code to /tmp and explicitly asks the OpenClaw agent/LLM to 'analyze' that file. That step can expose secrets or sensitive code to whichever model/service runs the analysis. The script also searches for sensitive paths ($HOME/.ssh, ~/.aws, ~/.openclaw), which is reasonable for an auditor, but combining detection with automated copying and prompting to an LLM raises data-exfiltration/privacy risk.
Install Mechanism
No install spec (instruction-only with an included script) — low installation risk. The script itself is bundled and will run locally; there are no remote downloads or extract steps in the skill package. This is proportionate to the stated purpose.
Credentials
The skill declares no required env vars or credentials, which is appropriate. However, the scanner looks for references to API keys, tokens, and config dirs in scanned code and will surface them; combined with the L3 step that saves suspicious content to /tmp for agent analysis, that could reveal secrets to an LLM or external service. Also the SKILL.md mentions 'gemini' CLI but does not request it as a required credential/tool.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or global config. It writes temporary files to the system (/tmp, mktemp) which is expected for a scanner; no persistent installation or elevated privileges are requested.
What to consider before installing
This skill appears to implement a reasonable audit workflow, but review these points before installing or running it: 1) Ensure the host has 'clawhub' (and optionally the 'gemini' CLI) if you plan to use fetch or LLM analysis — the skill does not declare these requirements. 2) Be cautious with the L3 step: the script copies 'suspicious' code to /tmp and instructs an agent/LLM to analyze it — that can leak secrets or sensitive code to whatever model/service you invoke. Prefer running the audit locally and reviewing findings yourself rather than sending raw suspicious files to remote LLMs or public APIs. 3) Confirm the external reporting address (steipete@gmail.com) and any IoC lists are from a trusted source before using them. 4) If you need to proceed: run the script in an isolated environment, inspect its output and the /tmp artifact contents manually, and only use LLM analysis on redacted content that removes any credentials or secrets. If you want a safer verdict, provide: where this skill was published (homepage/source repo), whether 'clawhub' and 'gemini' are available in your environment, and whether you intend to allow the agent to send suspicious code to external LLM services.Like a lobster shell, security has layers — review code before you run it.
latestvk97bptxargtfv4wc7223kn7pcd80pjdj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.